CVE-2022-22757

MEDIUM

Mozilla Firefox < 97.0 - Origin Validation Error

Title source: rule

Description

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97.

References (2)

[Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1720098

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2022-04/

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 40.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-345 CWE-346

Status published

Affected Products (1)

mozilla/firefox < 97.0

Timeline

Published Dec 22, 2022

Tracked Since Feb 18, 2026